k8s-manifests/jupyter/base/charts/jupyterhub/templates/proxy/autohttps/rbac.yaml

{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) -}}
{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) -}}
{{- if $autoHTTPS -}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "jupyterhub.autohttps.fullname" . }}
  labels:
    {{- include "jupyterhub.labels" . | nindent 4 }}
  {{- with .Values.proxy.traefik.serviceAccount.annotations }}
  annotations:
    {{- . | toYaml | nindent 4 }}
  {{- end }}
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "patch", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "jupyterhub.autohttps.fullname" . }}
  labels:
    {{- include "jupyterhub.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
  name: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . }}
  apiGroup:
roleRef:
  kind: Role
  name: {{ include "jupyterhub.autohttps.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
Jupytherhub: Export 3.0.3 like so: ``` helm repo add jupyterhub https://hub.jupyter.org/helm-chart/ helm fetch jupyterhub/jupyterhub --version 3.0.3 --untar --untardir . ``` 2023-09-25 14:28:39 +00:00			`{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) -}}`
			`{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) -}}`
			`{{- if $autoHTTPS -}}`
			`{{- if .Values.rbac.create -}}`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: {{ include "jupyterhub.autohttps.fullname" . }}`
			`labels:`
			`{{- include "jupyterhub.labels" . \| nindent 4 }}`
			`{{- with .Values.proxy.traefik.serviceAccount.annotations }}`
			`annotations:`
			`{{- . \| toYaml \| nindent 4 }}`
			`{{- end }}`
			`rules:`
			`- apiGroups: [""]`
			`resources: ["secrets"]`
			`verbs: ["get", "patch", "list", "create"]`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: {{ include "jupyterhub.autohttps.fullname" . }}`
			`labels:`
			`{{- include "jupyterhub.labels" . \| nindent 4 }}`
			`subjects:`
			`- kind: ServiceAccount`
			`name: {{ include "jupyterhub.autohttps-serviceaccount.fullname" . }}`
			`apiGroup:`
			`roleRef:`
			`kind: Role`
			`name: {{ include "jupyterhub.autohttps.fullname" . }}`
			`apiGroup: rbac.authorization.k8s.io`
			`{{- end }}`
			`{{- end }}`